Department of Homeland Security
Latest
Researcher says a US terrorist watchlist was exposed online for three weeks
The FBI’s Terrorist Screening Center (TSC) may have exposed the records of nearly 2 million individuals and left them accessible online for three weeks.
DHS will issue mandatory cybersecurity rules for pipeline companies
Following the Colonial Pipeline ransomware attack that led to fuel shortages in parts of the US, the federal government plans to impose mandatory cybersecurity regulation on the pipeline industry for the first time.
ACLU and 70 other organizations ask DHS to stop using Clearview AI
More than 70 advocacy groups have called on the Department of Homeland Security to stop using Clearview AI's facial recognition software.
SolarWinds hack reportedly accessed emails for key DHS officials
SolarWinds hackers reportedly compromised the email of Homeland Security officials, including acting Secretary Chad Wolf.
Civil rights groups demand CBP stops facial recognition expansion at airports
The ACLU, Electronic Frontier Foundation and others objected to a proposed rule change.
US government drops online class restrictions for international students
Had the federal government started enforcing the policy, international students would have had to take at least one in-person class to stay in the country
ACLU sues Homeland Security over airport facial recognition records
There's no question that AI surveillance is on the rise, but there are a lot of questions about just how extensively law enforcement agencies, like the Department of Homeland Security (DHS), are using it. In an attempt to increase transparency, the American Civil Liberties Union (ACLU) is suing DHS -- along with Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE) and the Transportation Security Administration (TSA). The ACLU is requesting records on the use of face surveillance at airports and borders, as well as the agencies' plans for future use.
Microsoft will fix an Internet Explorer security flaw under active attack
Mozilla isn't the only one grappling with a serious web browser security flaw. Microsoft has confirmed to TechCrunch that it will fix an Internet Explorer security exploit already being used for "limited targeted attacks." The vulnerability lets attackers corrupt memory used for the scripting engine in IE9, IE10 and IE11 in a way that would let the intruder run arbitrary code with the same permissions as the user, letting them hijack a PC. It's believed to be similar to the Firefox issue disclosed a week earlier.
Homeland Security wants airport face scans for US citizens
Homeland Security is joining the ranks of government agencies pushing for wider use of facial recognition for US travelers. The department has proposed that US citizens, not just visa holders and visitors, should go through a mandatory facial recognition check when they enter or leave the country. This would ostensibly help officials catch terrorists using stolen travel documents to move about. The existing rules specifically exempt citizens and permanent residents from face scans.
Federal judge rules suspicionless device searches at the border are illegal
Civil liberties advocates just scored an important victory in a bid to prevent arbitrary device searches at the US border. A federal court handling a 2017 lawsuit has ruled that US policies allowing device searches without valid suspicion or warrants violate Fourth Amendment protections against unreasonable searches and seizures. Judge Denise Casper noted that an exemption for searches at the border was "not limitless," and still needed to strike a balance between privacy and government interests. That usually means focusing on contraband, she said.
Congress plans to investigate how social media giants are fighting hate
House lawmakers plan to unveil legislation to study the ways social media can be weaponized, The Washington Post reports. They want to better understand social media-fueled violence and to determine if tech giants are doing enough to effectively protect users from harmful content. Congress isn't just looking at what tech giants say they'll do to fight online hate and extremism. Lawmakers want to know if those efforts are effective or not.
Facebook, Google meet intelligence agencies to talk 2020 election security
Both intelligence agencies and tech companies are gearing up to secure the 2020 US election, and that apparently includes some heart-to-heart conversations between the two. Bloomberg sources have learned that Facebook, Google, Microsoft and Twitter are meeting members of the FBI, Homeland Security and the Office of the Director of National Intelligence to discuss the industry's security strategy. This reportedly includes plans for tighter coordination between tech and government, as well as curbing disinformation campaigns.
Senate finds US agencies left security holes untouched for a decade
It's almost a truism to state that government IT security is frequently lacking, but a new Senate subcommittee report has underscored just how severe the problem is. Investigators found that several federal agencies (including the State Department, Homeland Security and the Social Security Administration) didn't adequately protect personal data, and that six of them hadn't installed security patches in a "timely" fashion to close vulnerabilities. In some cases, these flaws had lasted for roughly a decade or more.
Senators propose legislation to protect your phone at the border
For years, US border agents have been demanding access to digital devices as people pass into and out of the country. The practice has raised red flags and lawsuits, and the number of searches has spiked under the Trump Administration. Last month, the ACLU charged federal agents with wielding "near-unfettered authority" to search phones, PCs and other devices. Yesterday, Senators Ron Wyden (D-OR) and Rand Paul (R-KY) introduced a bill that would require agents to obtain a warrant or written consent before they crack open digital devices and snag users' data.
US government warns China may have access to drone data
Today, the Department of Homeland Security issued an alert warning that Chinese-made drones may be sending flight information back to their manufacturers, who could share it with third parties. According to CNN, the alert warns companies and organizations that the US government has "strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data."
ACLU: border agents regularly perform 'warrantless' device searches
Privacy advocates have long been concerned that US border agents may be overstepping their boundaries when searching devices, and the ACLU just obtained evidence appearing to support that theory. The civil rights group has motioned for summary judgment in its lawsuit against the Department of Homeland Security after its discovery process revealed far-reaching policies for "warrantless and suspicionless" searches. Reportedly, both Customs and Border Protection as well as Immigration and Customs Enforcement have claimed "near-unfettered authority" to search phones, PCs and other devices, even though the requests fall well outside their purview.
Feds charge nine hackers for $30M insider trading scheme
The Wall Street Journal reports that federal prosecutors are set to unseal charges Tuesday against nine hackers and stock traders involved in an insider trading operation that netted more than $30 million on illicit deals. The group to be charged allegedly had been conducting sophisticated cyber-attacks against newswire services in order to steal upcoming merger and acquisition information that had been uploaded to the newswire's servers -- but not yet published -- and position their investments accordingly. The group was discovered after a multi-agency investigation involving the DHS, FBI, SEC and the Secret Service.
Obama renews push for comprehensive cybersecurity legislation
Barack Obama's last effort to get some cybersecurity legislation through Congress stalled in 2011, when it successfully cleared the Republican-held House, but withered in the Senate. After some high-profile attacks on government social networking accounts, Sony and others, he's resurrecting those plans. It will be one of the many things the president discusses during his upcoming State of the Union address, but he is delivering a preview of those plans today in a speech at the Department of Homeland Security. Obviously many of the details will need to be worked out by Congress, but Obama is pushing for some liability protection for companies that quickly respond and share information about attacks. The White House says there will also be strict requirements for the protection of personal data.
DHS issues warning about using Internet Explorer
Over the weekend a new serious vulnerability in Internet Explorer was announced by Microsoft, affecting all users of Internet Explorer 6 through 11. The threat is serious enough that the Department of Homeland Security has issued an official warning against using Internet Explorer until the bug is patched up. The threat was explained in a bulletin from the DHS subgroup the United States Computer Emergency Readiness Team (US-CERT). US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution. US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser. The issue pertains to a vulnerability that allows malicious users to use specially crafted HTML documents like a webpage or HTML email to execute unauthorized code remotely. This gives the person attacking your system the same user rights as the current user, installing unwanted programs and stealing information. If the attacker manages to grab control of an Admin account the damage they can do is even more vast. For legacy Windows users this news is potentially devastating since the company ended support for Windows XP users on April 8. Thankfully for a majority of Mac users the Internet Explorer loophole won't be an issue thanks to the host of alternative browsers available. Unless a Mac user has gone out of their way to download IE this shouldn't be an issue. However, we know that sometimes there are people who are stuck in their ways and despite having switched over to Macs, they've stuck with IE. Others might have it installed for testing purposes. If you know a Mac user in this boat, or if you are said user, please stop using Internet Explorer immediately.
Meet Rebecca Richards, the NSA's new Privacy Officer
It's safe to say that the NSA will need more than a pressure hose to wash away the scandals of 2013. As part of the plan to rehabilitate its image, the NSA advertised for a privacy officer back in September, and now the role has been filled by Rebecca Richards. Currently working in Homeland Security's privacy office, Richards' job will be to advise the NSA's director on ways to ensure that civil liberties aren't being ignored by the data-hungry agency. We were going to post the new executive's mugshot, but it appears that she's already gotten the hang of this online privacy lark.
